﻿using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace _07_01_ADONET__Sql注入风险
{
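    /// <summary>
    /// Login form that checks the account and password typed into
    /// <c>textBox1</c> and <c>textBox2</c> against the <c>Member</c> table.
    /// </summary>
    /// <remarks>
    /// The lookup uses a parameterized command. The earlier version spliced the
    /// text-box contents straight into the SQL text, so the typed input could change
    /// the structure of the WHERE clause instead of being treated purely as data.
    /// </remarks>
    public partial class Form1 : Form
    {
        /// <summary>Creates the form and builds the designer-generated controls.</summary>
        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>Click handler for <c>label1</c>; intentionally does nothing.</summary>
        private void label1_Click(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Handles the login button: counts the <c>Member</c> rows whose account and
        /// password equal the entered values and reports the outcome in a message box.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="SqlException">
        /// Propagates unchanged when the connection cannot be opened or the query fails.
        /// </exception>
        private void button1_Click(object sender, EventArgs e)
        {
            // NOTE(review): the connection string embeds the password of the "sa" login in
            // source. Move it to protected configuration and connect with a login that can
            // only read the Member table, so a flaw in this form cannot reach the whole server.
            string connStr = "server=.;database=TestDB;uid=sa;pwd=200234.A";

            // Placeholders keep user input out of the SQL text entirely; COUNT(*) also avoids
            // pulling whole Member rows (including the password column) into client memory.
            // NOTE(review): MemberPwd is compared with the typed text as-is, which suggests the
            // table holds unhashed passwords - confirm, and store salted password hashes instead.
            const string sql =
                "select count(*) from Member where MemberAccount=@account and MemberPwd=@pwd";

            int matches;

            // The using blocks dispose the connection on every path. The earlier version
            // returned before Close() when no row matched, and also leaked on exceptions.
            using (SqlConnection sqlcon = new SqlConnection(connStr))
            using (SqlCommand cmd = new SqlCommand(sql, sqlcon))
            {
                cmd.Parameters.Add("@account", SqlDbType.NVarChar).Value = this.textBox1.Text;
                cmd.Parameters.Add("@pwd", SqlDbType.NVarChar).Value = this.textBox2.Text;

                sqlcon.Open();
                matches = Convert.ToInt32(cmd.ExecuteScalar());
            }

            if (matches == 0)
            {
                MessageBox.Show("没有找到结果");
                return;
            }

            MessageBox.Show("登录成功");
        }

        /// <summary>Change handler for <c>textBox2</c>; intentionally does nothing.</summary>
        private void textBox2_TextChanged(object sender, EventArgs e)
        {
        }

        /// <summary>Change handler for <c>textBox1</c>; intentionally does nothing.</summary>
        private void textBox1_TextChanged(object sender, EventArgs e)
        {
        }
    }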
}
 